Copied from Debian.

description: out-of-bounds read
origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585

--- a/source/layout/LETableReference.h
+++ b/source/layout/LETableReference.h
@@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO")
   }
   
   const T& operator()(le_uint32 i, LEErrorCode &success) const {
-    return *getAlias(i,success);
+    const T *ret = getAlias(i,success);
+    if (LE_FAILURE(success) || ret==NULL) {
+      return *(new T());
+    } else {
+      return *ret;
+    }
   }
 
   size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const {
